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REMARKS 

Reconsideration of this application in view of the above amendments and the remarks 
below is respectfully requested. Claims 33, 36, 37, and 45 are amended. No claims are added, 
or cancelled. Hence, Claims 10, 11, 14-16 and 33-48 are pending in the application. 

Each issue raised in the Office Action mailed on December 21, 2007 is addressed herein. 

I. ISSUES RELATED TO CITED REFERENCES 
A. 35 U.S.C. 102(b) - BSAIBES 

Claims 10, 11, 33-41 and 45-48 are rejected under 35 U.S.C. 102(b) as allegedly 
anticipated by Bsaibes et al., U.S. Patent No. 5,701,458 (hereafter "Bscribes"). The 
rejection is respectfully traversed. 

Independent Claim 33 

Claim 33 is directed to a method of comparing access control lists to configure a security 
policy on a network, and recites: 

subtracting two entries among multiple first access control entries in a first access control 
list from each other; 

determining, from results of subtracting the two entries among the multiple first access 
control entries in the first access control list from each other, a set of non- 
overlapping representation for dimensional ranges covered by the two entries 
among the multiple first access control entries in the first access control list; 

identifying, based on the set of non-overlapping representation, one or more first sub- 
entries in the first access control list; and 

programmatically determining whether the first access control list is functionally 

equivalent to a second access control list by determining whether each of the first 
sub-entries in the first access control list is equivalent to or contained by one or 
more entries of multiple second access control entries in the second access control 
list. 

Claim 33 recites a number of features that are not anticipated by Bsaibes. Bsaibes 
describes an approach to permitting manipulation of an arbitrary set of access control lists in a 
hierarchical objects structure {see Abstract). According to Bsaibes, the hierarchical objects 
structure may be represented as a tree in FIG. 4A or FIG. 4B. A node in the tree may comprise 
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an access control list as illustrated in FIG. 5 through 8. Thus, there may be as many access 
control lists as the number of nodes in the tree. Bsaibes provides a way that an action performed 
at a root node may propagate down and alter an arbitrary set of access control lists residing at or 
underneath the root node. 

As disclosed, Bsaibes fails to disclose each and every feature of Claim 33. 

1. Bsaibes Fails to Disclose Identifying Sub-entries in a First Access Control 
List in Claim 33. 

Claim 33 recites "identifying, based on the set of non-overlapping representation, one or 
more first sub-entries in the first access control list." 

The portion of Bsaibes, at col. 5 line 65 - col. 9 line 9, as cited by the Office Action is 
too long to be recited in its entirety here. However, after a careful study of the cited passage by 
Applicant, nothing in that cited passage is found to disclose any subject matter resembling a 
computer-performed step of identifying sub-entries in an access control list that comprises 
entries, wherein composition of sub-entries is as defined in Claim 33. Clarification as to which 
elements of Bsaibes correspond to each feature of Claim 33 is respectfully requested. 

2. Bsaibes Fails to Disclose Programmatically Determining Equivalency of 
Access Control Lists in Claim 33. 

Claim 33 recites "programmatically determining whether the first access control list is 
functionally equivalent to a second access control list by determining whether each of the first 
sub-entries in the first access control list is equivalent to or contained by one or more entries of 
multiple second access control entries in the second access control list." 

The Office Action cites the same, multi-column passage in Bsaibes as disclosing the 
above-recited features of Claim 33. The cited passage again is devoid of subject matter 
resembling programmatically determining whether the first access control list is functionally 
equivalent to a second access control list by determining whether each of the first sub-entries in 
the first access control list is equivalent to or contained by one or more entries of multiple second 
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access control entries in the second access control list as featured in Claim 33. Since the cited 
portion of Bsaibes is about using a Modify_Delete command to alter an existing access control 
specification, there is neither motive, nor suggestion, nor any need to compare functional 
equivalency of two ACLs. In addition, the Office Action has failed to particularly point out 
which two entities of Bsaibes correspond to the two ACLs of Claim 33. Thus, since the Office 
Action does not identify which two entities of Bsaibes correspond to the two ACLs of Claim 33, 
the Office Action also fails to particularly identify which feature of Bsaibes corresponds to 
comparing any two ACLs for determining functional equivalency. 

Applicants are entitled to a reasonable clarification as to where such subject matter in 
Bsaibes that describes programmatically determining whether the first access control list is 
functionally equivalent to a second access control list by determining whether each of the first 
sub-entries in the first access control list is equivalent to or contained by one or more entries of 
multiple second access control entries in the second access control list, as featured in Claim 33. 
3. The Cited Portion of Bsaibes Fails to Anticipate Claim 33 
The cited passage in Bsaibes describes how an arbitrary set of access control lists may 
be altered by an action documented in TABLE 1 of the reference (see col. 7, lines 30-64). For 
example, an action may be a Modify_Delete (Id. at col. 8, line 49). A user "Tim" and a 
permission "w" may be specified. When such an action is acted on node A, 700, in FIG. 6, 
Tim's permission entry in the access control list that is associated with node A is compared with 
the permission specified with the action (i.e., "Modify_Delete"). See Bsaibes, col. 8, lines 52-59. 
Tim's "w" permission in the entry in the access control list, if any, is deleted (Id.). This may be 
repeated for every access control list found at or under node A. See Bsaibes, col. 8, line 60-col. 
9, line 6. 

Clearly, Bsaibes' s only comparison for the purpose of carrying out this Modify_Delete 
action is between permissions specified in a command and permissions specified in an entry of 
an access control list. This is not analogous to determining equivalency between two access 
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control lists. By definition, a Modify_Delete command seeks to modify or delete a portion of an 
access control list. Bsaibes cannot disclose determining equivalency between two ACLs, as 
featured in Claim 33, since such determining is not disclosed in the cited reference for carrying 
out a Modify_Delete command, nor is it necessary. 

In Bsaibes, only a direct comparison between Tim's permissions in his entry in the access 
control list and a permission specified in the command is needed. Thus, the comparison is not 
about the equivalency of two ACLs. 

Furthermore, there is no disclosure in Bsaibes that Tim's existing permission entry in the 
access control list is to be identified into sub-entries, as featured in Claim 33. 

In response, the present Office Action, on page 2, states: 

On page 4, the applicant argues that Bsaibes does not disclose 
"programmatically determining whether the first access control list is functionally 
equivalent to a second access control list by determining whether each of the first 
sub-entries in the first access control list is equivalent to or contained by one or 
more entries of multiple second access control entries in the second access control 
list". 

The examiner respectfully disagrees. Referring first to node A, 700, in 
FIG. 6, comparing Tim's permission at 706 with the corresponding permissions in 
FIG. 5, it will be noted that Tim permission is modified in FIG. 6 and the write 
permission (w) is deleted. Similarly, Catherine is modified and granted execute 
permission in node A of FIG. 6 whereas previously in node A (FIG. 5), she only 
had read and write permission. 

The Office Action fails to link the two examples of modifying user permissions, as 
disclosed by Bsaibes, with the recited features of Claim 33. Indeed, the Office Action essentially 
contends that Bsaibes discloses modifying or deleting permissions of users. Consequently, it 
would be redundant in Bsaibes to determine any equivalency of an access control list with 
another, since the access control list is to be altered by this Modify-Delete command anyway. 

The statement in the Office Action does not establish which entity of Bsaibes 
corresponds to the first access control list in Claim 33, which entity of Bsaibes corresponds to 
the first access control entries in the first access control list, and which entity of Bsaibes 
corresponds to the sub-entries in the first access control list. In addition, the Office Action also 
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fails to identify which entity of Bsaibes as corresponding to the second access control list of 
Claim 33. 

4. Bsaibes Fails to Disclose Other Recited Features in Claim 33. 

Claim 33 recites "subtracting two entries among multiple first access control entries in a 
first access control list from each other." Claim 33 also recites "determining, from results of 
subtracting the two entries among the multiple first access control entries in the first access 
control list from each other, a set of non-overlapping representation for dimensional ranges 
covered by the two entries among the multiple first access control entries in the first access 
control list." Claim 33 further recites "identifying, based on the set of non-overlapping 
representation, one or more first sub-entries in the first access control list." Bsaibes fails to 
disclose these features. 

For the reasons set forth above, since Bsaibes fails to disclose at least one recited feature 
of Claim 33, Claim 33 is patentable over Bsaibes. 

Claims 36, 37 and 45 

Claims 36, 37 and 45 are independent claims that are similar in scope and include all 
features of method claim 33. Claims 36, 37 and 45 are patentable over Bsaibes for at least the 
same reasons as those given above in connection with claim 33. 

Claims 10, 11, 34-41 and 46-48 

Claims 10, 11, 34-41 and 46-48 depend from, and hence, incorporate all of the features of 
claim 33, 36, 37 or 45 that are discussed above. These claims also recite further features that 
independently render them patentable over Bsaibes. However, because Bsaibes lacks the 
features discussed above for claims 33, 36, 37, or 45, claims 10, 11, 34-41 and 46-48 necessarily 
are patentable over Bsaibes for at least the reasons given above in connection with claim 33, 36, 
37 or 45. 

B. 35 U.S.C. 103(a) - BSAIBES and BRAWN 

Claims 14, 42 and 50 are rejected under 35 U.S.C. 103(a) as allegedly unpatentable over 
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Bsaibes as applied to claims 33, 37 and 45 and further in view of Brawn et al., U.S. Patent No. 
7,020,718 B2 (hereafter "Brawn"). The rejection is respectfully traversed. 

Claims 14, 42 and 50 depend from, and hence, incorporate all of the features of claim 33, 
36, 37 or 45. Claims 14, 42 and 50 also recite further features that independently render them 
patentable over Bsaibes. Brawn fails to disclose any of the features of claim 33, 36, 37 or 45 
previously discussed and therefore Brown does not cure the deficiencies of Bsaibes that are 
described above, and any combination of Brown and Bsaibes necessarily cannot provide the 
complete subject matter of claims 14, 42, and 50. Claims 14, 42, and 50 are patentable over 
Bsaibes and Brawn for at least the reasons given above in connection with claim 33, 36, 37 or 
45. 

C. 35 U.S.C. 103(a) - BSAIBES and MATE 

Claims 15, 43 and 51 are rejected under 35 U.S.C. 103(a) as allegedly unpatentable over 
Bsaibes as applied to claims 33, 37 and 45, and further in view of Mate et al., U.S. Patent No. 
7,028,098 B2 (hereinafter "Mate"). The rejection is respectfully traversed. 

Claims 15, 43 and 51 depend from and incorporate all of the features of claim 33, 36, 37 
or 45. Claims 15, 43, and 51 also recite further features that render them patentable over 
Bsaibes. Mate fails to disclose any of the features of claim 33, 36, 37 or 45 previously discussed, 
and therefore Mate does not cure the deficiencies of Bsaibes that are described above, and any 
combination of Mate and Bsaibes necessarily cannot provide the complete subject matter of 
claims 15, 43, and 51. Claims 15, 43, and 51 are patentable over Bsaibes and Mate for at least 
the reasons given above in connection with claim 33, 36, 37 or 45. 

D. 35 U.S.C. 103(a) - BSAIBES and BANGINWAR 

Claims 16, 44 and 52 are rejected under 35 U.S.C. 103(a) as allegedly unpatentable over 
Bsaibes as applied to claims 33, 37 and 45, and further in view of Banginwar, U.S. Patent No. 
6,61 1,863 (hereafter "Banginwar"). The rejection is respectfully traversed. 
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Claims 16, 44 and 52 depend from, and hence, incorporate all of the features of claim 33, 
36, 37 or 45. Claims 16, 44, and 52 also recite further features that render them patentable over 
Bsaibes. Banginwar fails to disclose any of the features of claim 33, 36, 37 or 45 previously 
discussed and therefore Banginwar does not cure the deficiencies of Bsaibes that are described 
above, and any combination of Banginwar and Bsaibes necessarily cannot provide the complete 
subject matter of claims 16, 44, and 52. Claims 16, 44, and 52 are patentable over Bsaibes and 
Banginwar for at least the reasons given above in connection with claim 33, 36, 37 or 45. 
II. CONCLUSIONS 

For the reasons set forth above, it is respectfully submitted that all of the pending claims 
are now in condition for allowance. Therefore, the issuance of a formal Notice of Allowance is 
believed next in order, and that action is most earnestly solicited. 

If any applicable fee is missing or insufficient, throughout the pendency of this 
application, the Commissioner is hereby authorized to charge any applicable fees and to credit 
any overpayments to our Deposit Account No. 50-1302. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 

Dated: March 3, 2008 /ZhichongGu#56543/ 

Zhichong Gu 
Reg. No. 56,543 

2055 Gateway Place, Suite 550 
San Jose, California 95110-1089 
Telephone No.: (408) 414-1236 
Facsimile No.: (408)414-1076 
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